3025 matches found
FreeBSD : squirrelmail -- XSS and remote code injection vulnerabilities (79630c0c-8dcc-45d0-9908-4087fe1d618c)
A SquirrelMail Security Advisory reports : SquirrelMail 1.4.4 has been released to resolve a number of security issues disclosed below. It is strongly recommended that all running SquirrelMail prior to 1.4.4 upgrade to the latest release. Remote File Inclusion Manoel Zaninetti reported an issue i...
CVE-2004-2211
CVE-2004-2211 describes a cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0. The flaw allows remote attackers to inject arbitrary scripts/HTML through multiple input vectors: forum_id, method, and forum_title in post.asp; forum_title in forum.asp; and id in post.asp. The cited ref...
XML-RPC Library 1.3.0 - 'xmlrpc.php' Remote Code Injection
tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc drupal exploit, but James sais xoop...
XML-RPC Library 1.3.0 - xmlrpc.php Remote Code Injection
XML-RPC Library 1.3.0 - xmlrpc.php Remote Code Injection tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research...
XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit
Exploit for unknown platform in category web applications =================================================================== XML-RPC Library \n"; print "special chars allowed are / and - \n\n"; read command line options my $options = GetOptions general options 'host=s' = $host, input host to...
XML-RPC Library <= 1.3.0 (xmlrpc.php) Remote Code Injection Exploit
No description provided by source. tested and working /str0ke !/usr/bin/perl ilo-- This program is no GPL or has nothing to do with FSF, but some code was ripped from romansoft.. sorry, too lazy! xmlrpc bug by James from GulfTech Security Research. http://pear.php.net/bugs/bug.php?id=4692 xmlrpc...
Serendipity XML-RPC for PHP Remote Code Injection
The version of Serendipity installed on the remote host is prone to remote code execution due to a failure of its bundled XML-RPC library to sanitize user-supplied input to the 'serendipityxmlrpc.php' script. This flaw may allow attackers to execute code remotely subject to the privileges of the...
XML-RPC for PHP Remote Code Injection Vulnerability
Description XML-RPC for PHP is affected by a remote code-injection vulnerability. An attacker may exploit this issue to execute arbitrary commands or code in the context of the webserver. This may facilitate various attacks, including unauthorized remote access. XML-RPC for PHP 1.1 and prior...
CVE-2002-1954
CVE-2002-1954 is an XSS in the PHP 4.2.3 phpinfo function. The vulnerability allows remote attackers to inject arbitrary web script or HTML via the query string argument, demonstrated using soinfo.php. Affected software: PHP 4.2.3; vulnerable component: phpinfo output handling. Root cause: unsani...
CVE-2002-1965
Cross-site scripting XSS vulnerability in Errors.gsl in Imatix Xitami 2.5b4 and 2.5b5 allows remote attackers to inject arbitrary web script or HTML via the 1 Javascript events, as demonstrated via an onerror event in an IMG SRC tag or 2 User-Agent field in an HTTP GET request...
CVE-2002-1802
Cross-site scripting XSS vulnerability in Xoops 1.0 RC3 allows remote attackers to inject arbitrary web script or HTML via Javascript in an IMG tag when submitting news...
CVE-2002-1732
Actinic Catalog 4.7.0 is affected by multiple XSS vulnerabilities (CVE-2002-1732). The issues allow remote attackers to inject arbitrary web script or HTML via: (1) query string arguments to certain .pl files, (2) the REFPAGE parameter to ca000007.pl, (3) the PRODREF parameter to ss000007.pl, or ...
CVE-2005-1811
Technical details for CVE-2005-1811 are not publicly available in the provided documents. Monitor for updates.
postnuke -- multiple vulnerabilities
Postnuke Security Announcementss reports of the following vulnerabilities: missing input validation within /modules/Messages/readpmsg.php possible path disclosure within /user.php possible path disclosure within /modules/News/article.php possible remote code injection within /includes/pnMod.php...
Maxwebportal 1.36 - 'Password.asp' Change Password (1) (HTML)
-----------------Code Start-----Version 1.35 and older-------------- pass1: pass2: Id: Member Key: -----------------End------------------- Version 1.36, 2.0, 20050418 Next: -----------------Code Start-----Version 1.36, 2.0, 20050418 Next-------------- pass1: pass2: Id: Member Key:...
CVE-2005-1695
CVE-2005-1695 affects PostNuke RSS module (versions 0.750, 0.760RC2/RC3). The vulnerability is described as multiple cross-site scripting (XSS) flaws allowing remote injection of script/HTML via parameters: rss_url in magpie_slashbox.php and url in magpie_simple.php/magpie_debug.php. Connected Op...
PostNuke <= 0.760 RC4a Multiple Vulnerabilities
The remote host is running PostNuke version 0.760 RC4a or older. These versions suffer from several vulnerabilities, among them : - Multiple Remote Code Injection Vulnerabilities An attacker can read arbitrary files on the remote and possibly inject arbitrary PHP code remotely. - SQL Injection...
CVE-2004-1926
Tiki CMS/Groupware TikiWiki 1.8.1 and earlier allows remote attackers to inject arbitrary code via the 1 Theme, 2 Country, 3 Real Name, or 4 Displayed time zone fields in a User Profile, or the 5 Name, 6 Description, 7 URL, or 8 Country fields in a Directory/Add Site operation...
osTicket 1.2/1.3 - Multiple Input Validation / Remote Code Injection Vulnerabilities
source: https://www.securityfocus.com/bid/13478/info osTicket is affected by multiple input validation vulnerabilities. These issues are due to a failure in the application to properly sanitize user-supplied input. Reportedly the application permits the inclusion of remote code that could be run...
CVE-2005-1181
NOTE: this issue has been disputed by the vendor. PHP remote code injection vulnerability in loader.php for Ariadne CMS 2.4 allows remote attackers to execute arbitrary PHP code by modifying the ariadne parameter to reference a URL on a remote web server that contains the code. NOTE: the vendor h...